MDVSA-2009:088

Package name

wireshark

Date

2009-04-09

Advisory ID

MDVSA-2009:088

Affected versions

2009.0 x86_64 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problem description

Multiple vulnerabilities has been identified and corrected in
wireshark:

o The PROFINET dissector was vulnerable to a format string overflow
(CVE-2009-1210).

o The Check Point High-Availability Protocol (CPHAP) dissecto could
crash (CVE-2009-1268).

o Wireshark could crash while loading a Tektronix .rf5 file
(CVE-2009-1269).

This update provides Wireshark 1.0.7, which is not vulnerable to
these issues.

Updated packages

2009.0 x86_64

 fde0562d4244fcd5c46bd426123bb762  2009.0/x86_64/dumpcap-1.0.7-0.1mdv2009.0.x86_64.rpm
 a94780e9a7fe2a90fef2ec6f76b1b4d3  2009.0/x86_64/lib64wireshark0-1.0.7-0.1mdv2009.0.x86_64.rpm
 cab3b23f1c2649c9035f396a6ac5b89a  2009.0/x86_64/lib64wireshark-devel-1.0.7-0.1mdv2009.0.x86_64.rpm
 1d5d4f151b02eb721b2aa2391bef5b15  2009.0/x86_64/rawshark-1.0.7-0.1mdv2009.0.x86_64.rpm
 0e80a0db6dc3243f35e18eb0e42ba6b6  2009.0/x86_64/tshark-1.0.7-0.1mdv2009.0.x86_64.rpm
 596cbc632f8cb9d9bfd817b7e3449d79  2009.0/x86_64/wireshark-1.0.7-0.1mdv2009.0.x86_64.rpm
 caf11a295f23aad7100719ff3d0afe46  2009.0/x86_64/wireshark-tools-1.0.7-0.1mdv2009.0.x86_64.rpm 
 d5758cdd51c62cf50348b9b868262b1f  2009.0/SRPMS/wireshark-1.0.7-0.1mdv2009.0.src.rpm

2009.0 i586

 5f374dee7a3e806aa8f55e222cf7a875  2009.0/i586/dumpcap-1.0.7-0.1mdv2009.0.i586.rpm
 50c880fb63f1d29f970e08907eb17e6a  2009.0/i586/libwireshark0-1.0.7-0.1mdv2009.0.i586.rpm
 aecb17f6c08968009c2943a86b1ac134  2009.0/i586/libwireshark-devel-1.0.7-0.1mdv2009.0.i586.rpm
 98ddaa9298f0dc2b9d9bcc6746e0a757  2009.0/i586/rawshark-1.0.7-0.1mdv2009.0.i586.rpm
 ce249c97cf2f80fba97c54f12386b60d  2009.0/i586/tshark-1.0.7-0.1mdv2009.0.i586.rpm
 fafb35021c36244cb71dd3c3664ada28  2009.0/i586/wireshark-1.0.7-0.1mdv2009.0.i586.rpm
 b672985920730bc14e03688ac56d6c50  2009.0/i586/wireshark-tools-1.0.7-0.1mdv2009.0.i586.rpm 
 d5758cdd51c62cf50348b9b868262b1f  2009.0/SRPMS/wireshark-1.0.7-0.1mdv2009.0.src.rpm

CS4.0 i586

 0fa546e721b3dafeec3c8dd737d5f414  corporate/4.0/i586/dumpcap-1.0.7-0.1.20060mlcs4.i586.rpm
 b7e8cc21418e0876ea6fabbf5416aff5  corporate/4.0/i586/libwireshark0-1.0.7-0.1.20060mlcs4.i586.rpm
 710a98dac2c3aaec7c71719e589ebab3  corporate/4.0/i586/libwireshark-devel-1.0.7-0.1.20060mlcs4.i586.rpm
 327d0395e370053fb419921046bc35de  corporate/4.0/i586/rawshark-1.0.7-0.1.20060mlcs4.i586.rpm
 7e6f1992ea5affd89c7c22764c4cdaa1  corporate/4.0/i586/tshark-1.0.7-0.1.20060mlcs4.i586.rpm
 4ea42e9e0ab0d057b730949bb9250dcd  corporate/4.0/i586/wireshark-1.0.7-0.1.20060mlcs4.i586.rpm
 a6ea90713046fe7d842ee0eb1a2c6157  corporate/4.0/i586/wireshark-tools-1.0.7-0.1.20060mlcs4.i586.rpm 
 b77a43dad87dcdf1b3ab423c4f259968  corporate/4.0/SRPMS/wireshark-1.0.7-0.1.20060mlcs4.src.rpm

CS4.0 x86_64

 e171bf67fe81f37840701fb485745724  corporate/4.0/x86_64/dumpcap-1.0.7-0.1.20060mlcs4.x86_64.rpm
 e2e552e09f83e146b38a683c45774bc6  corporate/4.0/x86_64/lib64wireshark0-1.0.7-0.1.20060mlcs4.x86_64.rpm
 e23f2a9c9205f37f83a432041462a565  corporate/4.0/x86_64/lib64wireshark-devel-1.0.7-0.1.20060mlcs4.x86_64.rpm
 9a9e0f90250d7f86542245337f1ab129  corporate/4.0/x86_64/rawshark-1.0.7-0.1.20060mlcs4.x86_64.rpm
 7f1c21606cd56e0601c1c8ef0198e331  corporate/4.0/x86_64/tshark-1.0.7-0.1.20060mlcs4.x86_64.rpm
 2c7ea9cada7e6ccbe93afc5416fe3082  corporate/4.0/x86_64/wireshark-1.0.7-0.1.20060mlcs4.x86_64.rpm
 81b6e83c830134f2d27b5a0b5eb1a322  corporate/4.0/x86_64/wireshark-tools-1.0.7-0.1.20060mlcs4.x86_64.rpm 
 b77a43dad87dcdf1b3ab423c4f259968  corporate/4.0/SRPMS/wireshark-1.0.7-0.1.20060mlcs4.src.rpm

2008.1 x86_64

 bc85820ec0857eeccdc7a6beb33512c1  2008.1/x86_64/dumpcap-1.0.7-0.1mdv2008.1.x86_64.rpm
 33d696120c8a6b2456cf32986e958d6a  2008.1/x86_64/lib64wireshark0-1.0.7-0.1mdv2008.1.x86_64.rpm
 c702bb0c37d362ad428020fd3504d14d  2008.1/x86_64/lib64wireshark-devel-1.0.7-0.1mdv2008.1.x86_64.rpm
 2fdb45d92da41b695cfa5c4312f754b0  2008.1/x86_64/rawshark-1.0.7-0.1mdv2008.1.x86_64.rpm
 622105a108c69497f97fa029545112fe  2008.1/x86_64/tshark-1.0.7-0.1mdv2008.1.x86_64.rpm
 10f2f59bc26917a1345bc96eced4bdde  2008.1/x86_64/wireshark-1.0.7-0.1mdv2008.1.x86_64.rpm
 f7bc70beed52589f61f579629a1c39c8  2008.1/x86_64/wireshark-tools-1.0.7-0.1mdv2008.1.x86_64.rpm 
 cc39d293bcdde09757d7c8eee9cf09fc  2008.1/SRPMS/wireshark-1.0.7-0.1mdv2008.1.src.rpm

2008.1 i586

 1dc62d022c4cbaa5ca9b07e089cd2a12  2008.1/i586/dumpcap-1.0.7-0.1mdv2008.1.i586.rpm
 56a350f069b514514615d58a2c4d2cc0  2008.1/i586/libwireshark0-1.0.7-0.1mdv2008.1.i586.rpm
 6b77a007c2f75ab0c048891ce01935ad  2008.1/i586/libwireshark-devel-1.0.7-0.1mdv2008.1.i586.rpm
 0362de945cda3c60f97de2ffecc9cc62  2008.1/i586/rawshark-1.0.7-0.1mdv2008.1.i586.rpm
 951fcc1d89f98da0a5eb4b9a40304d37  2008.1/i586/tshark-1.0.7-0.1mdv2008.1.i586.rpm
 72feaee83f92f0889450c962b7620016  2008.1/i586/wireshark-1.0.7-0.1mdv2008.1.i586.rpm
 d4792c75c5dbf8f8d01f98a6bd03abf9  2008.1/i586/wireshark-tools-1.0.7-0.1mdv2008.1.i586.rpm 
 cc39d293bcdde09757d7c8eee9cf09fc  2008.1/SRPMS/wireshark-1.0.7-0.1mdv2008.1.src.rpm

References

• http://www.wireshark.org/security/wnpa-sec-2009-02.html
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1269
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1210
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1268